Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

CNNVD
CNNVDadded 2025/07/22 12:0 a.m.3 views

DB-GPT SQL注入漏洞

DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. A security vulnerability exists in DB-GPT version 0.7.0, which stems from editorsqlrun and queryex being susceptible to SQL injection attacks that could lead to the execution of arbitrary...

6.5CVSS7.9AI score0.00325EPSS
Exploits2References4
Positive Technologies
Positive Technologiesadded 2025/07/22 12:0 a.m.3 views

PT-2025-30448 · Db-Gpt · Db-Gpt

Name of the Vulnerable Software and Affected Versions: DB-GPT version 0.7.0 Description: A file upload issue exists in the agent.hub.controller.refresh plugins component of DB-GPT. This allows remote attackers to execute arbitrary code by uploading a malicious plugin ZIP file to the...

6.5CVSS7.6AI score0.00349EPSS
Exploits1References8
RedhatCVE
RedhatCVEadded 2025/03/22 12:13 p.m.12 views

CVE-2024-10901

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file...

9.8CVSS8.3AI score0.00994EPSS
Exploits1References1
Github Security Blog
Github Security Blogadded 2025/03/20 12:32 p.m.10 views

DB-GPT vulnerable to Arbitrary File Upload with Path Traversal

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /v1/personal/agent/upload is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of this vulnerability...

9.8CVSS8.2AI score0.01192EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2025/03/20 12:32 p.m.8 views

GHSA-J9G7-MQHH-9HXF DB-GPT Absolute Path Traversal in knowledge/{space_name}/document/upload

eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...

9.1CVSS7.2AI score0.00769EPSS
Exploits1References4
NVD
NVDadded 2025/03/20 10:15 a.m.5 views

CVE-2024-10833

eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...

9.1CVSS0.00769EPSS
Exploits1References1
OSV
OSVadded 2025/03/20 10:15 a.m.3 views

CVE-2024-10830

A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint /v1/resource/file/delete. This vulnerability allows an attacker to delete any file on the server by manipulating the filekey parameter. The filekey parameter is not properly sanitized, enabling an...

8.2CVSS7AI score
Exploits0References1
Rows per page
Query Builder